From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Alexey Klyukin <alexk(at)hintbits(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: re-reading SSL certificates during server reload |
Date: | 2014-08-28 14:07:42 |
Message-ID: | CABUevExMOCfx35xw=VoztaTvr7fGvsML4GGosFC3KiOWgs3yeg@mail.gmail.com |
Lists: | pgsql-hackers |

On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>>> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>>> Key and cert files are loaded in the postmaster. We'd need to change
>>>> that.
>
>>> Why?
>
>> Hmm. That's actually a good point. Not sure I have an excuse. They
>> could certainly be made BACKEND without that, and there's no way to
>> change it within a running backend *anyway*, since we cannot turn
>> on/off SSL once a connection has been made. So yeah, it can actually
>> still be loaded in postmaster, and I withdraw that argument :)
>
> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
> The only reason they're PGC_POSTMASTER is the lack of any code
> for loading updated values, which I assume is something that's
> possible with OpenSSL.

I just thought semantically - because they do not change in a running
backend. Any running backend will continue with encryption set up
based on the old certificate.

> We could in fact wait to load them until after a backend has forked off
> from the postmaster, but (1) that'd slow down session startup, and (2)
> it would mean that you don't hear about broken settings at postmaster
> startup.
>
> (BTW, what happens on Windows? I imagine we have to reload them anyway
> after fork/exec on that platform ...)

Yes, we already do that - secure_initialize() is called in SubPostmasterMain().
But I think reloading them in the postmaster on Unix is the better choice, yes.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
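
The reload semantics discussed in this message, as an added sketch (not PostgreSQL code and not written by anyone in the thread): a parent process reloads its certificate on SIGHUP, a child forked before the reload keeps the old one, and a child forked afterwards inherits the new one. All function and variable names are hypothetical, and a one-line text file stands in for the OpenSSL context as an assumption to keep the example self-contained.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static char active_cert[64];   /* stand-in for the SSL context built from the cert file */
static volatile sig_atomic_t reload_pending;
static void on_sighup(int sig) { (void)sig; reload_pending = 1; }
/* Read into a scratch buffer first so a broken file never replaces a working cert. */
static int load_cert(const char *path) {
    char buf[64];
    FILE *f = fopen(path, "r");
    int ok = f && fgets(buf, sizeof buf, f) && strncmp(buf, "CERT:v", 6) == 0;
    if (f) fclose(f);
    if (ok) strcpy(active_cert, buf);
    return ok ? 0 : -1;
}
static void put_cert(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (f) { fputs(text, f); fclose(f); }
}
/* Fork a "backend": it blocks on the gate pipe, then exits with the cert version it inherited. */
static pid_t fork_backend(int gate_rd) {
    pid_t pid = fork();
    if (pid == 0) { char c; _exit(read(gate_rd, &c, 1) == 1 ? active_cert[6] - '0' : 0); }
    return pid;
}
/* Returns 10 * (version seen by the old backend) + (version seen by the new one). */
int run_demo(void) {
    char path[] = "/tmp/certdemoXXXXXX";         /* constructed sample cert file */
    int fd = mkstemp(path), gate[2], st_old = 0, st_new = 0;
    if (fd < 0 || pipe(gate) < 0) return -1;
    close(fd);
    signal(SIGHUP, on_sighup);
    put_cert(path, "CERT:v1\n");
    if (load_cert(path) != 0) return -1;         /* broken settings surface at startup */
    pid_t old_be = fork_backend(gate[0]);        /* session established before the reload */
    put_cert(path, "CERT:v2\n");
    raise(SIGHUP);                               /* handler only sets the flag */
    if (reload_pending) { reload_pending = 0; if (load_cert(path) != 0) return -1; }
    pid_t new_be = fork_backend(gate[0]);        /* session established after the reload */
    if (write(gate[1], "xx", 2) != 2) return -1; /* release both backends */
    waitpid(old_be, &st_old, 0);
    waitpid(new_be, &st_new, 0);
    close(gate[0]); close(gate[1]); unlink(path);
    return 10 * WEXITSTATUS(st_old) + WEXITSTATUS(st_new);
}
int main(void) { printf("%d\n", run_demo()); return 0; }
```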